A significant revamp of a key cyber security document is designed to provide government agencies with strategic guidance on protecting their data.
The Australian Cyber Security Centre (ACSC), which is part of the Australian Signals Directorate (ASD), has released an updated version of the government’s Information Security Manual (ISM). The ISM now includes a series of “cyber security principles” grouped into four key activities:
- Govern: Identifying and managing security risks.
- Protect: Implementing security controls to reduce security risks.
- Detect: Detecting and understanding cyber security events.
- Respond: Responding to and recovering from cyber security incidents.
The document includes a framework to help organisations assess their maturity across the four categories.
The updated ISM is the culmination of a 12-month effort to shift the document “from a compliance-based information security manual to a principles-based cyber security framework that organisations can apply, using their corporate risk management framework, to protect their systems…
